Google noticed an increase in attacks on Microsoft Windows and Internet Explorer machines and is working with its rival to mitigate the MHTML exploit, which targets political activists.
Google said it is working with Microsoft to patch a hole
in the Windows operating system hackers are trying to exploit to target
activists, among other users.
The search engine, which called the attacks "highly
targeted and apparently politically motivated," said the perpetrator(s)
abuses a known vulnerability Microsoft
with a temporary patch in late January.
Google would not reveal which
activists have been targeted or the origin of the attacks.
The bug lies in the MHTML (MIME Encapsulation of
Aggregate HTML) protocol handler on Windows XP and later Windows versions, and is
exploited as a cross-site scripting attack when users surf the Web with Microsoft's
Internet Explorer browser.
An attacker could leverage the hole
by writing an HTML
link designed to trigger a malicious script and convince the targeted user to
attacker a way to access user information stored in the browser and trick users
into installing malicious code.
Microsoft issued this fix
for the security flaw in January, but the flaw is being used to
target political activists and even users on at least one popular
social Website, Google said.
Google's security engineers recommend users, including
businesses whose computers use IE, run Microsoft's Fixit solution on their
computers to block this attack until permanent patch is available.
For its part, Google said it has set up several
server-side defenses to protect users of its own Web services against the MHTML
"That said, these are not tenable long-term
solutions, and we can't guarantee them to be 100 percent reliable or
comprehensive," Google's security team wrote in a blog post
March 11. "We're working with Microsoft to develop a
comprehensive solution for this issue."
That Google is working directly with rival Microsoft is a
testament to the seriousness of the issue. Rivalries tend to get placed on the
backburner where computer security is concerned, but the joint effort certainly
underscores the companies' shared concern.
Indeed, Google said the abuse of this vulnerability represents
a new quality in the exploitation of Web-level vulnerabilities. The company
said such attacks previously focused on directly compromising users' systems,
as opposed to leveraging vulnerabilities to interact with Web services.